From ee40438b0eb06bd864ff5ed44eb93d9ece422849 Mon Sep 17 00:00:00 2001
From: mahdahar <89adham@gmail.com>
Date: Wed, 22 Apr 2026 15:43:09 +0700
Subject: [PATCH] Sanitize request payload recursively before JSON response

Replace telephone-only normalization with recursive UTF-8 sanitization across response arrays. Sanitize each request row and top-level payload before setJSON to prevent malformed UTF-8 encoding failures. Add JSON probe with explicit error logging and return a 500 error payload when encoding still fails.
---
 app/Controllers/RequestsController.php | 39 ++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/app/Controllers/RequestsController.php b/app/Controllers/RequestsController.php
index 14d1e40..18ef312 100644
--- a/app/Controllers/RequestsController.php
+++ b/app/Controllers/RequestsController.php
@@ -83,7 +83,7 @@ class RequestsController extends BaseController
 foreach ($rows as &$row) {
 $row['COLLECTIONDATE'] = date('Y-m-d H:i', strtotime($row['COLLECTIONDATE']));
 $row['REQDATE'] = date('Y-m-d H:i', strtotime($row['REQDATE']));
- $this->normalizeTelephoneFields($row);
+ $row = $this->sanitizeUtf8Array($row);
 }
 
 $data = [
@@ -105,6 +105,20 @@ class RequestsController extends BaseController
 'validatedCount' => (int) ($counterRow['Validated'] ?? 0),
 ];
 
+ $data = $this->sanitizeUtf8Array($data);
+
+ $jsonProbe = json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+ if ($jsonProbe === false) {
+ log_message('error', 'RequestsController::index JSON encoding failed after UTF-8 sanitization: {error}', [
+ 'error' => json_last_error_msg(),
+ ]);
+
+ return $this->response->setStatusCode(500)->setJSON([
+ 'status' => 'error',
+ 'message' => 'Failed to encode response payload',
+ ]);
+ }
+
 return $this->response->setJSON($data);
 }
 
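Review bot: The per-row `$row = $this->sanitizeUtf8Array($row);` inside the `foreach ($rows as &$row)` loop looks redundant with the whole-payload `$data = $this->sanitizeUtf8Array($data);` added in the next hunk, assuming `$rows` ends up inside `$data` (the `$data = [` literal is cut off by the hunk). Every string in a row would then pass through `ensureUtf8()` twice, which is harmless only if that helper is idempotent; its body is not part of this patch, and a converter that re-encodes already-valid UTF-8 would silently corrupt fields on the second pass. I would keep a single pass, or state the assumption next to the call: `// ensureUtf8() must be idempotent: rows are sanitized again with $data below`.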
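Review bot: The probe serializes the full payload and then discards the string, so `setJSON($data)` encodes everything a second time, possibly with different flags, and a passing probe does not strictly guarantee that the real encode succeeds. If this is CodeIgniter 4's response object, as `setJSON` and `log_message` suggest, sending the probed string avoids both problems: `return $this->response->setContentType('application/json')->setBody($jsonProbe);`. The failure branch itself is sound: the client receives a generic message and the log carries only `json_last_error_msg()`, not row contents. A one-line comment saying that is deliberate would keep a later edit from logging `$data`. The enclosing `index` method starts above this hunk.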
@@ -276,13 +290,26 @@ class RequestsController extends BaseController
 return $this->response->setJSON($data);
 }
 
- private function normalizeTelephoneFields(array &$row): void
+ private function sanitizeUtf8Array(array $input): array
 {
- foreach (['TELEPHON', 'TELEPHONE'] as $field) {
- if (isset($row[$field]) && is_string($row[$field])) {
- $row[$field] = $this->ensureUtf8($row[$field]);
- }
+ foreach ($input as $key => $value) {
+ $input[$key] = $this->sanitizeUtf8Value($value);
 }
+
+ return $input;
+ }
+
+ private function sanitizeUtf8Value(mixed $value): mixed
+ {
+ if (is_string($value)) {
+ return $this->ensureUtf8($value);
+ }
+
+ if (is_array($value)) {
+ return $this->sanitizeUtf8Array($value);
+ }
+
+ return $value;
 }
 
 private function ensureUtf8(string $value): string
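Review bot: `sanitizeUtf8Value()` rewrites only string values and nested arrays, so array keys and any object value (for example a `stdClass` or `JsonSerializable` instance) reach `json_encode` unsanitized, and invalid bytes there still cause the encoding failure this commit is meant to remove. Neither new method has a docblock, so that scope should at least be stated on `sanitizeUtf8Array()`, e.g. `/** Recursively passes string values through ensureUtf8(); keys and objects are returned unchanged. */`. Because the replacement is silent, it is also worth documenting what `ensureUtf8()` does with undecodable bytes, since consumers will see altered field values with no trace in the logs. Only the signature of `ensureUtf8()` is visible here; its body lies outside the hunk.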